DNS records visible only for LAN computers

Kevin Darcy kcd at chrysler.com
Wed Nov 18 16:12:16 UTC 2009


Peter Macko wrote:
> Setup:
> I have a domain example.com that is hosted on DNS under control of my 
> internet provider.
> Web server www.example.com is hosted by another company.
> I have set up a local DNS for computers on my LAN. I have an LDAP server 
> on the LAN.
>
> Question:
> I want to make LDAP visible only for computers on LAN without altering 
> DNS (of the internet provider).
> The name of LDAP server should be ldap.example.com. Is it possible to 
> do it?
>
> I can think of two solutions:
> 1) I could create master zone for example.com on DNS (on LAN). This 
> way I have to create A record for www.example.com,
> but if the internet provider changed the IP address of the web server, 
> computers on the LAN would not reach
> www.example.com and I would have to update the A record on the local DNS.
>
> 2) Another solution is to create zonefile for subdomain 
> local.example.com on LAN DNS, so ldap.local.example.com.
> But this is not exactly what I want.
>
3) Create a zone called "ldap.example.com". Put the A record for your 
LDAP server at the apex of the zone.

Obviously, this isn't really scalable -- you don't want to have to 
create zones and zone definitions for every resource on your LAN, but 
this is the price you pay for being so disjointed from your 
webservice/external-DNS provider that they don't even bother telling you 
when they change the IPs of your main website. If you want scalability, 
you should take control of example.com yourself and then implement 
something like "view"s to control how it is presented to internal versus 
external clients.

                                                                         
                                                   - Kevin
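What the two suggestions above look like in BIND configuration, as an added example that is not part of the thread. Addresses, file names and the nameserver name are assumed: 10.0.0.0/8 stands for the LAN, 10.0.0.25 for the LDAP server and 10.0.0.53 for the LAN nameserver.

```conf
// --- Option 3: a separate zone for the one name, A record at the apex ---
// named.conf fragment on the LAN nameserver. Queries for www.example.com
// still go out to the provider's servers because example.com itself is
// not served locally, so the web server's IP never has to be tracked.
zone "ldap.example.com" {
    type master;
    file "ldap.example.com.zone";
};

// ldap.example.com.zone (assumed file name). "@" is ldap.example.com itself.
// $TTL 3600
// @    IN SOA ns.ldap.example.com. hostmaster.example.com. (
//             2009111801 ; serial (constructed)
//             3600 900 604800 3600 )
//      IN NS  ns.ldap.example.com.
//      IN A   10.0.0.25      ; the LDAP server, at the zone apex
// ns   IN A   10.0.0.53      ; in-zone glue for the LAN nameserver

// --- Scalable variant: own example.com and split it with views ---
// Views are matched in order, first match wins, so the internal view
// must come first. Once any view exists, every zone statement (including
// "." hints and localhost zones) has to live inside some view.
view "internal" {
    match-clients { 10.0.0.0/8; localhost; };
    recursion yes;             // LAN clients may use this server as resolver
    zone "example.com" {
        type master;
        file "example.com.internal";   // contains ldap, www, and LAN-only names
    };
};

view "external" {
    match-clients { any; };
    recursion no;              // never recurse for the Internet at large
    zone "example.com" {
        type master;
        file "example.com.external";   // public names only; no ldap record
    };
};
```

The external view only matters if this server is ever reachable from outside; on a LAN-only resolver it mainly guards against ldap leaking if the firewall rules change.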
More information about the bind-users mailing list